Description
The product does not properly distinguish between different types of elements in a way that leads to insecure behavior.
Potential Impact
Other
Other
Real-World CVE Examples
| CVE ID | Description |
|---|---|
| CVE-2005-2260 | Browser user interface does not distinguish between user-initiated and synthetic events. |
| CVE-2005-2801 | Product does not compare all required data in two separate elements, causing it to think they are the same, leading to loss of ACLs. Similar to Same Name error. |
Related Weaknesses
Taxonomy Mappings
- PLOVER: — Insufficient Type Distinction
Frequently Asked Questions
What is CWE-351?
CWE-351 (Insufficient Type Distinction) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The product does not properly distinguish between different types of elements in a way that leads to insecure behavior.
How can CWE-351 be exploited?
Attackers can exploit CWE-351 (Insufficient Type Distinction) to other. This weakness is typically introduced during the Implementation phase of software development.
How do I prevent CWE-351?
Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.
What is the severity of CWE-351?
CWE-351 is classified as a Base-level weakness (Medium abstraction). It has been observed in 2 real-world CVEs.